CVE-2021-20233

HIGH

GNU Grub2 < 2.06 - Out-of-Bounds Write

Title source: rule

Description

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Exploits (1)

nomisec WORKING POC

by pauljrowland · poc

https://github.com/pauljrowland/BootHoleFix

View Code ZIP pw:eip

References (4)

Core 4

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1926263

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202104-05

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20220325-0001/

Scores

CVSS v3 8.2

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (20)

fedoraproject/fedora 33

fedoraproject/fedora 34

gnu/grub2 < 2.06

netapp/ontap_select_deploy_administration_utility

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux_server_aus 7.2

redhat/enterprise_linux_server_aus 7.3

redhat/enterprise_linux_server_aus 7.4

redhat/enterprise_linux_server_aus 7.6

... and 10 more

Published Mar 03, 2021

Tracked Since Feb 18, 2026